From mike.gabriel@das-netzwerkteam.de Thu Feb 27 16:30:49 2014 Received: (at 438) by bugs.x2go.org; 27 Feb 2014 15:30:57 +0000 X-Spam-Checker-Version: SpamAssassin 3.3.2 (2011-06-06) on ymir.das-netzwerkteam.de X-Spam-Level: X-Spam-Status: No, score=-1.9 required=5.0 tests=BAYES_00,URIBL_BLOCKED autolearn=unavailable version=3.3.2 Received: from freya.das-netzwerkteam.de (freya.das-netzwerkteam.de [88.198.48.199]) by ymir (Postfix) with ESMTPS id 450315DB16; Thu, 27 Feb 2014 16:30:49 +0100 (CET) Received: from grimnir.das-netzwerkteam.de (grimnir.das-netzwerkteam.de [78.46.204.98]) by freya.das-netzwerkteam.de (Postfix) with ESMTPS id DDEF61EBAE; Thu, 27 Feb 2014 16:30:48 +0100 (CET) Received: from localhost (localhost [127.0.0.1]) by grimnir.das-netzwerkteam.de (Postfix) with ESMTP id AB55A3BE19; Thu, 27 Feb 2014 16:30:48 +0100 (CET) X-Virus-Scanned: Debian amavisd-new at grimnir.das-netzwerkteam.de Received: from grimnir.das-netzwerkteam.de ([127.0.0.1]) by localhost (grimnir.das-netzwerkteam.de [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id qPdE82gBTbQ3; Thu, 27 Feb 2014 16:30:48 +0100 (CET) Received: from grimnir.das-netzwerkteam.de (localhost [127.0.0.1]) by grimnir.das-netzwerkteam.de (Postfix) with ESMTPSA id 503FF3BD70; Thu, 27 Feb 2014 16:30:48 +0100 (CET) Received: from m-047.informatik.uni-kiel.de (m-047.informatik.uni-kiel.de [134.245.254.47]) by mail.das-netzwerkteam.de (Horde Framework) with HTTP; Thu, 27 Feb 2014 15:30:48 +0000 Date: Thu, 27 Feb 2014 15:30:48 +0000 Message-ID: <20140227153048.Horde.6X5oZyCn2oTDQtFl7KQMCQ1@mail.das-netzwerkteam.de> From: Mike Gabriel To: 438@bugs.x2go.org Cc: 438-submitter@bugs.x2go.org Subject: Re: x2goserver and rhel6.4 / selinux Problem User-Agent: Internet Messaging Program (IMP) H5 (6.1.4) Accept-Language: en,de Organization: DAS-NETZWERKTEAM X-Originating-IP: 134.245.254.47 X-Remote-Browser: Mozilla/5.0 (X11; Linux x86_64; rv:26.0) Gecko/20100101 Firefox/26.0 Iceweasel/26.0 Content-Type: multipart/signed; boundary="=_qgYGkJEruW5vYviVPniSUw1"; protocol="application/pgp-signature"; micalg=pgp-sha1 MIME-Version: 1.0 This message is in MIME format and has been PGP signed. --=_qgYGkJEruW5vYviVPniSUw1 Content-Type: text/plain; charset=UTF-8; format=flowed; DelSp=Yes Content-Disposition: inline Control: tag -1 moreinfo Hi Frank, > --------------------------- > > ls -Z .Xauthority > -rw-------. frank users unconfined_u:object_r:default_t:s0 .Xauthority > > -------------------------- > > Then I do a logout. Now, when I try to connect again to the x2go > server system, I get > the following error message on the client side and no session is started. > > ----------------------------- > ..... > > "Warning: Cookie mismatch in the X authentication data. > " > > "Session: Terminating session at 'Thu Feb 27 09:40:05 2014'. > Info: Your session was closed before reaching a usable state. > Info: This can be due to the local X server refusing access to the client. > Info: Please check authorization provided by the remote X application. > Session: Session terminated at 'Thu Feb 27 09:40:05 2014'. > " > > deleting proxy > > nxproxy not running > > proxy deleted > > ----------------------------------- > > But when I change the selinux permissions to > > ------ > > ls -Z .Xauthority > > -rw-------. frank users unconfined_u:object_r:xauth_home_t:s0 .Xauthority What are the SELinux permissions after you have logged out? Do you need that chcon command call when resuming sessions or when starting sessions. Excuse my SELinux innocence at this point. I would like to add support for SELinux, but I need to understand better why we have to tweak the security context of .Xauthority for X2Go. Thanks+Greets, Mike -- DAS-NETZWERKTEAM mike gabriel, herweg 7, 24357 fleckeby fon: +49 (1520) 1976 148 GnuPG Key ID 0x25771B31 mail: mike.gabriel@das-netzwerkteam.de, http://das-netzwerkteam.de freeBusy: https://mail.das-netzwerkteam.de/freebusy/m.gabriel%40das-netzwerkteam.de.xfb --=_qgYGkJEruW5vYviVPniSUw1 Content-Type: application/pgp-signature Content-Description: Digitale PGP-Signatur Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.15 (GNU/Linux) iQIcBAABAgAGBQJTD1ooAAoJEJr0azAldxsx+qMP/jr5BULzGRDfO39wZ3+2rKTX CtinCtXq6XTobWyg+EyAhlHP4WSMHUN+cvo+YQwY90MpiWUw1d+THvHsYbRPb/Z4 kEV9xH6bdUx6pFjI68atEE2DAhL6mcewZygnN2B7X+/L+KmXi3c9dFA50pbnpQXM etKAl/HmwS0lxX4EJ5BWlb5I4qu5eahs1U4FbZmJSMsKiW1GdgrW2W/j7p7ETEM9 5NQjsxSw6ISWzTb77KF73KSP+GRFvfqEuWkZBMjqlJyv2eYRv9FwMmRpGolaHZbY 3PDakEaOAIESTG+oIjKUzl4WK7h5rzeegggZZMdhKvf07EQ0A7uxKQGmfU8BvWfP uZkw3HuexwwSH6Qp8EpyI/ffwd+R9RrY3MEpTMAmkSoJnatGXXCApgBD1jcZre+c Tw/8de+Z979p5mGN5S+PJ/VZ73oqKF9oiy+FRAOunuVqrKE0xwbxYFNN7tC0kXp4 7WT4rgNL+TDZniikjx+5BxTOAcBUfji9jndrtUqf1l16g0k79Z4NR+NWpbr6GQEi 62Ag9i9mEIxcdq1+GhtQLEdrFzeGdTRZ8ooUuQ7MF1AJEtFehaa99jsEYXI7y0og GDfpTL8LD7APqkV9sWqdhVNC8llplZTUeSFp0fdD4CwUExHpbkNS/K9/M7R4JMFh YZZ/6KU0N/+OvwjuQ7bq =tYLo -----END PGP SIGNATURE----- --=_qgYGkJEruW5vYviVPniSUw1--